|
class: Cryptography
HTDB supports the encryption and decryption of strings.
The underlying routines are based upon the RC4 encryption algorithms
(although we are close to allowing arbitrary encryption using the libmcrypt
library).
Encrypted strings are filtered through a modified base64 encoding
so as to make the results usable in URLs and GET/POST results.
Typically, encryption is used to mask GET arguments; the script writer
encrypts name value pairs which, when included in hyperlink or
GET/POST forms, are transparently decrypted by the system on the receiving
web page.
There are 3 "classes" of encryption which differ only by the
key used in encryption. The three classes are described below.
These classes may be extended by a knowledgeable programmer.
note: this code is derived from the (now public-domain) RC4
algos and are made web-usable via modified base64 encoding code,
originally released under the Mozilla Public License.
base
This "base" key should only be used internally for "bootstrapping" purposes.
These routines are used when decrypting values that are contained in HTDB configuration
files and session cookies. This will keep the casual curious from readily observing
configuration parameters, such as database passwords and the like.
The base encryption routines should remain private - not used for web name/value encryption.
${be1(string)}
|
input | ${be1(hello world)} |
|
yields | |be1|2PGeu5Pu3ARKJ3o
|
${be1(encrypted_string)}
|
input | ${be1(|be1|2PGeu5Pu3ARKJ3o)} |
|
yields | hello world
|
session
If HTDB is configured to have web session tracking enabled, the
session_id will be used as part of the encryption/decryption key.
What this does is enable extremely secure access to web pages - such pages
are only accessible from the computer that originated the page request.
In otherwords, URLs with GET parameters can be freely observed, but the
destination page will only decrypt properly for a single computer.
${se1(string)}
|
input | ${se1(hello world)} |
|
yields | |se1|vNKuJyN8soMAIPM
|
${se1(encrypted_string)}
|
input | ${se1(|se1|vNKuJyN8soMAIPM)} |
|
yields | hello world
|
public
"Public" means public is the sense that URLs containing these encrypted
GET arguments are intended for public consumption.
The key used is specified in the site-specific HTDB configuration file.
${pe1(string)}
|
input | ${pe1(hello world)} |
|
yields | |pe1|bG12HaWlYmZqMpA
|
${pe1(encrypted_string)}
|
input | ${pe1(|pe1|bG12HaWlYmZqMpA)} |
|
yields | hello world
|
${encrypt(string)}
|
input | ${encrypt(hello world)} |
|
yields | |pe1|bG12HaWlYmZqMpA
|
|
notes |
the encrypt function is provided as a convenient
synonym for pe1
|
| ![[home]](http://htdb.org/images/blank.gif){kind=small}
Crypto